The General Data Protection Regulation (GDPR) is bringing in new legal protection for personal information from May 2018.
Each therapist is responsible for keeping all records safe and secure and in accordance with current codes of practice.
This information is provided to help you understand what personal information is held by us and why and what your rights are.
Basic contact information is taken via the website to allow us to contact you and handle bookings.
The Purpose of processing Client Data and Lawful Basis for Holding and Using Client Information
Information is used to offer the best possible treatment and associated recommendations concerning aspects of health and wellbeing.
The lawful basis under which we hold and use your information is to provide you with the best possible treatment options and to gain your consent.
Where special category data (i.e. health related information) is gathered by a full member of the Association of Reflexologists (AoR), the Additional Condition under which this information is held is to fulfil the role as a health care practitioner bound under the AoR Confidentiality as defined in the AoR Code of Practice and Ethics.
What information is held and what is done with it and how long is the information retained
- Your contact details to handle appointments or send you relevant offers or information (if via third party, with your consent)
- Medical history and other health-related information are taken during initial consultations where appropriate to help plan treatment.
- Treatment details and related notes are kept to record the progress of treatment.
- Depending on insurance requirements, records may be required to be kept for 7 years after last treatment
- For clients under 16 records may be kept until the child is 25 or if 17 when treated, then 26
Information will NOT be shared with anyone else (other than as required for legal process) without explaining why it is necessary and getting your explicit consent. Your data will not be transferred outside the EU without your consent or added to any mailing list without your consent.
Protecting Your Personal Data
Each therapist will ensure that your personal data is secure to prevent unauthorised access or disclosure.
GDPR gives you the following rights:
- The right to be informed: To know how your information will be held and used (this notice).
- The right of access: To see your therapist’s records of your personal information, so you know what is held about you and can verify it.
- The right to rectification: To tell your therapist to make changes to your personal information if it is incorrect or incomplete.
- The right to erasure (also called “the right to be forgotten”): For you to request your therapist to erase any information they hold about you
- The right to restrict processing of personal data: You have the right to request limits on how your therapist uses your personal information
- The right to data portability: under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems.
- The right to object: To be able to tell your therapist you don’t want them to use certain parts of your information, or only to use it for certain purposes.
- Rights in relation to automated decision-making and profiling.
- The right to lodge a complaint with the Information Commissioner’s Office:
To be able to complain to the ICO if you feel your details are not correct, if they are not being used in a way that you have given permission for, or if they are being stored when they don’t have to be.
Full details of your rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
If you wish to exercise any of these rights, please use the contact details given above.
- if you don’t agree to your therapist keeping records of information about you and your treatments, or if you don’t allow them to use the information in the way they need to for treatments, the therapist may not be able to treat you
- Your therapist has to keep your records of treatment for a certain period as described above, which may mean that even if you ask them to erase any details about you, they might have to keep these details until after that period has passed
- Your therapist can move their records between their computers and IT systems, as long as your details are protected from being seen by others without your permission.